<?php
/**
 * Created by PhpStorm.
 * User: 颖inv
 * Date: 2016/11/15
 * Time: 8:40
 */
header('content-type:text/html;charset=utf-8');

    $error=array();
    if (!empty($_POST)){
        $username=isset($_POST['username'])?trim($_POST['username']):'';
        $password=isset($_POST['password'])?$_POST['password']:'';
        //载入表单验证函数库，验证用户名密码和格式
        require 'check_form.lib.php';
        if (($result=checkUsername($username))!==true) $error[]=$result;
        if (($result=checkPassword($password))!==true) $error[]=$result;

        //表单验证通过，再到数据库中验证
        if (empty($error)){
            $link=mysqli_connect('localhost','root','');
            mysqli_query($link,'set names utf8');
            mysqli_query($link,'use `itcast`');
            if (!$link){
                die('连接数据库失败！'.mysqli_error($link));
            }

            //处理用户名和密码
            $username=mysqli_real_escape_string($link,$username);//SQL转义
            //根据用户名提取出用户信息
            $sql="select `id`,`password` from `user` where `username`='$username'";
            if ($rst=mysqli_query($link,$sql)){
                $row=mysqli_fetch_assoc($rst);
                $password=md5($password);
                if ($password==$row['password']){

                    //登录成功，保存用户会话
                    session_start(); //启动session
                    $_SESSION['userinfo']=array(
                        'id'=>$row['id'],
                        'username'=>$username
                    );
                    //跳转到会员中心
                    header('Location:user.php');
                    die;
                }
            }
            $error[]='用户名不存在或密码错误。';
        }
    }
    require 'login_html.php';

//根据用户名取出用户信息
    $sql="select `id`,`password`,`salt` from `users` where `username`='$username'";
    if ($rst=mysqli_query($link,$sql)) {
        $row = mysqli_fetch_assoc($rst);
        //数据库密码加密
        $password = md5($row['salt'] . md5($password));
        //判断密码是否正确
        if ($password == $row['password']) {
            //判断用户是否勾选了记住密码
            if (isset($_POST['auto_login']) && $_POST['auto_login'] == 'on') {
                //将用户名和密码保存到Cookie,并对密码加密
                $ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
                $password_cookie = md5($row['password'] . md5($ua . $row['salt']));
                $_COOKIE_expire = time() + 2592000;   //保存一个月（60*60*24*30）
                setcookie('username', $username, $_COOKIE_expire);     //保存用户名
                setcookie('password', $password_cookie, $_COOKIE_expire);     //保存密码
            }
            //登录成功，保存用户会话
        }
    }

//当有表单提交时

//当Cookie中存在登录状态时
    if (isset($_COOKIE['username']) && isset($_COOKIE['password'])){
        //取出用户名和密码
        $username=$_COOKIE['username'];
        $password=$_COOKIE['password'];
        //对不安全的输入进行SQL转义
    $username=mysqli_real_escape_string($link,$username);
    //根据用户名取出用户信息
    $sql="select `id`,`password`,`salt` from `user` WHERE `username`='$username'";
    if ($rst=mysqli_query($link,$sql)){
        $row=mysqli_fetch_assoc($rst);
        //计算COOKIE密码
        $ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        $password_cookie = md5($row['password'] . md5($ua . $row['salt']));
        //验证COOKIE密码
        if ($password==$password_cookie){
            //登录成功，保存用户对话
        }
    }
} 
?>